The present invention relates to apparatus for and methods of verifying both the physical identity of an individual and that individual's authority to gain access to a secured site. More particularly, the invention relates to methods of verifying user identity and authority to access an otherwise inaccessible physical space, body of data, etc., and to a hand-held device useful in the implementation of such methods. The methods and apparatus of the invention are of the type including input and recognition of a biometric parameter of the user.
For purposes of the present discussion and disclosure of the invention, the term “secure(d) site” is used to refer to both physical areas, spaces and devices, as well as electronic domains, databases, and the like, to which access is restricted to certain authorized users. Access to a secured site may be provided either entirely electronically, as to a data bank, or by a combination of electronic and mechanical means, as by releasing a lock in response to authenticated electrical signals. The term “biometric parameter/characteristic/feature” is used to denote one or more physical attributes uniquely associated with a particular individual, such as a finger, thumb or hand print, a retinal or facial scan, a DNA sample, and the like. The term “biometric template” refers to a body of stored or storable electronic signals which uniquely correspond to a biometric parameter. The acronym “PIN” (Personal Identification Number) is defined as a sequence of characters (numbers, letters, symbols, etc.) each of which is, or may be, represented by a corresponding electrical signal, electrically or magnetically recorded code, or the like, and is used synonymously with “password.”
The art and science of authentication and identification of human individuals is embodied in the simple concept of uniqueness. Uniqueness is defined, within acceptable risk parameters, as one or a combination of only three possible things, namely, (in the order of their traditional ranking from weakest to strongest): 1. something known only (uniquely) by the individual and which is verifiable by the secure host (e.g., mother's maiden name, a PIN, etc.)
2. something physically possessed only (uniquely) by the individual and verifiable by the secure
host (e.g., a token, smart card or synchronous algorithm result), and 3. some (unique) biometric parameter of the individual verifiable by the host. When one or more of these indicia of uniqueness is/are presented to and verified by the host, the individual is deemed to be authenticated as to identity and access to the secure site is permitted.
In order for an individual to present biometric and token based indicia of uniqueness to a host by conventional means, special provisions must be made at each host, often requiring apparatus at the user side interconnected to the host. For example, under traditional biometric and token based systems, a biometric template and/or token is passed to the host for authentication via a client-side reader compatible with the particular security/authentication hardware and software employed. The indicia of uniqueness must be received by the host and compared against a known and correlated collection of stored data. Accordingly, a privacy issue is raised as the individual user is required to relinquish otherwise private biometric data, in template form, to the host. Understandably, this results in a reluctance to accept and utilize such systems and is responsible, in large part, for the fact that such systems are not in widespread use today. Although a biometric scan is often used as the sole presentation of uniqueness to gain access to a secure workplace, and therefore “voluntary” only to the extent of accepting or declining the work, the combination of possessive (coded card) and cognitive (short PIN) indicia of uniqueness remains the ubiquitous form of authentication.